Firewalld list all open ports Firewalld list rules firewall-cmd See firewall […]
Firewalld list all open ports
To list all open ports in firealld, run
|
1 |
firewall-cmd --list-ports |
Example See firewalld […]
Firewalld list rules
To list rules use command
|
1 |
firewall-cmd --list-all --zone=public |
To list all open ports
|
1 |
firewall-cmd --list-ports |
Example
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
[root@centos7 zones]# firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="10.1.1.2/32" port protocol="tcp" port="1-65535" accept' success [root@centos7 zones]# firewall-cmd --list-all --zone=public public (active) target: default icmp-block-inversion: no interfaces: eth0 eth1 sources: services: dhcpv6-client ssh ports: 25/tcp 9090/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="10.1.1.2/32" port port="1-65535" protocol="tcp" accept [root@centos7 zones]# firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" source address="10.1.1.2/32" port protocol="tcp" port="1-65535" accept' success [root@centos7 zones]# firewall-cmd --list-all --zone=public public (active) target: default icmp-block-inversion: no interfaces: eth0 eth1 sources: services: dhcpv6-client ssh ports: 25/tcp 9090/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: [root@centos7 zones]# |
See firewall-cmd […]
Install CSF Firewall
For non cpanel server, install perl modules
|
1 |
yum install -y perl perl-libwww-perl perl-Time-HiRes unzip bind-utils |
On Ubuntu
|
1 |
apt-get install libwww-perl |
Once we have requirments installed, install csf with
|
1 2 3 4 5 |
cd /usr/local/src wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf sh install.sh |
|
1 |
sed -i "s/RESTRICT_SYSLOG = \"0\"/RESTRICT_SYSLOG = \"1\"/g" /etc/csf/csf.conf |
See csf […]
Block Country in CSF firewall
CSF firewall can block all traffic from a country or list of counrty using GeoIP database. To block a country, edit file
|
1 |
/etc/csf/csf.conf |
Find
|
1 |
CC_DENY="" |
Replace with
|
1 |
CC_DENY="2_LETTER_COUNTRY_CODE" |
Here is an example to block all traffic from China
|
1 |
CC_DENY="CN" |
If you want to block another counrt, you can add it like
|
1 |
CC_DENY="CN,RU" |
Now restart csf […]
Disable IP Block Alerts in CSF Firewall
To disable IP block alert in CSF firewall, run
|
1 |
sed -i "s/LF_PERMBLOCK_ALERT\s*=.*$/LF_PERMBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf |
Restart lfd and csf
|
1 2 |
systemctl restart lfd csf -r |
See csf firewall […]
How to Block a Country in CSF firewall
To block all traffic from a country in CSF Firewall edit file /etc/csf/csf.conf
|
1 |
vi /etc/csf/csf.conf |
Find the line
|
1 |
CC_DENY = "" |
In this line, you can add 2 Letter country code. For example to block China and Russia, add
|
1 |
CC_DENY = "CN,RU" |
Now you need to restart firewall with command
|
1 2 |
systemctl restart lfd csf -r |
[…]
firewall
firewalld ufw iptables Install bitninja firewall https://opnsense.org […]
Unban an IP from CSF Firewall
To unban an IP from CSF firewall, run
|
1 |
csf -dr IP_ADDR |
Here i have an IP blocked in firewall.
|
1 2 3 4 |
[root@server22 ~]# iptables -L -n | grep 13.224.29.193 DROP all -- 13.224.29.193 0.0.0.0/0 LOGDROPOUT all -- 0.0.0.0/0 13.224.29.193 [root@server22 ~]# |
To see if CSF is blocking the IP, run
|
1 |
csf -g IP_ADDR |
Example This command also give reason for why the IP is blocked. Lets unban the IP address with command
|
1 |
csf -dr IP_ADDR |
Now IP should not be listed in […]